Login Sign Up

CVE-2021-46162

7.8 HIGH
Remote Code Execution

📋 TL;DR

This vulnerability in Simcenter Femap allows remote code execution through specially crafted NEU files. An attacker could execute arbitrary code with the privileges of the current user by tricking them into opening a malicious file. All Simcenter Femap users with versions before V2022.1.1 are affected.

💻 Affected Systems

Products:
  • Simcenter Femap
Versions: All versions < V2022.1.1
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the NEU file parser component of Simcenter Femap.

📦 What is this software?

Simcenter Femap by Siemens

View all CVEs affecting Simcenter Femap →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through remote code execution, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠

Likely Case

Local privilege escalation leading to unauthorized access to sensitive engineering data and system resources.

🟢

If Mitigated

Limited impact if proper file validation and user awareness controls prevent malicious file execution.

🌐 Internet-Facing: LOW - This requires user interaction to open malicious files, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or shared malicious files, but requires user interaction.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open a malicious NEU file. No public exploit code is available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V2022.1.1

Vendor Advisory: https://cert-portal.siemens.com/productcert/pdf/ssa-949188.pdf

Restart Required: Yes

Instructions:

1. Download Simcenter Femap V2022.1.1 or later from Siemens support portal. 2. Install the update following Siemens installation procedures. 3. Restart the application and verify the version.

🔧 Temporary Workarounds

Restrict NEU file handling

windows

Block or restrict NEU file execution through application whitelisting or file extension filtering.

User awareness training

all

Train users to only open NEU files from trusted sources and verify file integrity.

🧯 If You Can't Patch

  • Implement application whitelisting to restrict execution of Simcenter Femap to trusted locations only.
  • Use network segmentation to isolate Simcenter Femap systems from critical network segments.

🔍 How to Verify

Check if Vulnerable:

Check Simcenter Femap version in Help > About menu. If version is below V2022.1.1, the system is vulnerable.

Check Version:

Not applicable - check via application GUI Help > About menu

Verify Fix Applied:

Verify version is V2022.1.1 or higher in Help > About menu after patching.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected process crashes of Simcenter Femap
  • Unusual file access patterns to NEU files

Network Indicators:

  • Unusual outbound connections from Simcenter Femap process

SIEM Query:

Process: 'femap.exe' AND (EventID: 1000 OR EventID: 1001) for crash detection

📊 Metadata

CVE ID: CVE-2021-46162
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-787
Published: February 22, 2022
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-46162, you might also want to check these:

CVE-2022-43604 10.0

CVE-2022-43604 is a critical out-of-bounds write vulnerability in the OpENer EtherNet/IP stack that ...

Same vulnerability type (CWE-787)
CVE-2025-24201 10.0

This critical vulnerability allows malicious web content to break out of the Web Content sandbox via...

Same vulnerability type (CWE-787)
CVE-2020-14871 10.0

This is a critical buffer overflow vulnerability (CWE-787) in Oracle Solaris's Pluggable Authenticat...

Same vulnerability type (CWE-787)